Diffstat (limited to 'user')
-rw-r--r-- | user/bind/APKBUILD | 2 | ||||
-rw-r--r-- | user/cifs-utils/APKBUILD | 8 | ||||
-rw-r--r-- | user/claws-mail/APKBUILD | 8 | ||||
-rw-r--r-- | user/confuse/APKBUILD | 10 | ||||
-rw-r--r-- | user/eigen/APKBUILD | 11 | ||||
-rw-r--r-- | user/i3status/APKBUILD | 2 | ||||
-rw-r--r-- | user/libcroco/APKBUILD | 11 | ||||
-rw-r--r-- | user/libcroco/CVE-2020-12825.patch | 187 | ||||
-rw-r--r-- | user/libjpeg-turbo/APKBUILD | 8 | ||||
-rw-r--r-- | user/libjpeg-turbo/CVE-2020-13790.patch | 35 | ||||
-rw-r--r-- | user/libproxy/APKBUILD | 13 | ||||
-rw-r--r-- | user/libproxy/CVE-2020-25219.patch | 57 | ||||
-rw-r--r-- | user/libproxy/CVE-2020-26154.patch | 93 | ||||
-rw-r--r-- | user/meson/APKBUILD | 4 | ||||
-rw-r--r-- | user/yubikey-personalization/APKBUILD | 6 | ||||
-rw-r--r-- | user/yubikey-personalization/json_c.patch | 83 |
16 files changed, 472 insertions, 66 deletions
diff --git a/user/bind/APKBUILD b/user/bind/APKBUILD
index 2b39c5f1f..44cd5cf30 100644
--- a/user/bind/APKBUILD
+++ b/user/bind/APKBUILD
@@ -9,7 +9,7 @@ _p=${pkgver#*_p}
 _ver=${pkgver%_p*}
 _major=${pkgver%%.*}
 [ "$_p" != "$pkgver" ] && _ver="${_ver}-P$_p"
-pkgrel=0
+pkgrel=1
 pkgdesc="The ISC DNS server"
 url="https://www.isc.org/downloads/bind/"
 arch="all"
diff --git a/user/cifs-utils/APKBUILD b/user/cifs-utils/APKBUILD
index 798bb8a1e..17b83ab41 100644
--- a/user/cifs-utils/APKBUILD
+++ b/user/cifs-utils/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Francesco Colista <fcolista@alpinelinux.org>
 # Maintainer: Max Rees <maxcrees@me.com>
 pkgname=cifs-utils
-pkgver=6.10
+pkgver=6.11
 pkgrel=0
 pkgdesc="CIFS filesystem user-space tools"
 url="https://wiki.samba.org/index.php/LinuxCIFS_utils"
@@ -18,6 +18,10 @@ source="https://ftp.samba.org/pub/linux-cifs/$pkgname/$pkgname-$pkgver.tar.bz2
 xattr_size_max.patch
 "
+# secfixes:
+# 6.11-r0:
+# - CVE-2020-14342
+
 prepare() {
 default_prepare
 autoreconf -vif
@@ -48,7 +52,7 @@ package() {
 chmod u+s "$pkgdir"/sbin/mount.cifs
 }
-sha512sums="e19ca69b7948f01c1fd6a4ed069e00511588b903a5b8b0dc35ac1e00743170b9ca180b747c47d56cfacf273b296da21df60e1957404f26ebf2ba80bfa7e275cc cifs-utils-6.10.tar.bz2
+sha512sums="064c0ac75572fb44908390508462e4fdfe0686751149fd8b656a209dd961a5a24a7d9774c38c0e72fa5f9875b43aea7bf2de038c4e4a63a11664e71d9003100e cifs-utils-6.11.tar.bz2
 99a2fab05bc2f14a600f89526ae0ed2c183cfa179fe386cb327075f710aee3aed5ae823f7c2f51913d1217c2371990d6d4609fdb8d80288bd3a6139df3c8aebe musl-fix-includes.patch
 f3acb4f7873628d67c7dfb2378135c302fe382e314277829ea5569710bac0ddb43684aa6d143327d735aec641997084eaa567823b534138ed884bd74044b652a respect-destdir.patch
 2a9366ec1ddb0389c535d2fa889f63287cb8374535a47232de102c7e50b6874f67a3d5ef3318df23733300fd8459c7ec4b11f3211508aca7800b756119308e98 xattr_size_max.patch"
diff --git a/user/claws-mail/APKBUILD b/user/claws-mail/APKBUILD
index 72256b3a5..1554a00da 100644
--- a/user/claws-mail/APKBUILD
+++ b/user/claws-mail/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: A. Wilcox <awilfox@adelielinux.org>
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=claws-mail
-pkgver=3.17.6
+pkgver=3.17.8
 pkgrel=0
 pkgdesc="User-friendly, lightweight, and fast email client"
 url="https://www.claws-mail.org/"
@@ -15,6 +15,10 @@ makedepends="compface-dev curl-dev dbus-glib-dev enchant-dev gnutls-dev
 subpackages="$pkgname-doc $pkgname-lang"
 source="https://www.claws-mail.org/download.php?file=releases/claws-mail-$pkgver.tar.xz"
+# secfixes:
+# 3.17.8-r0:
+# - CVE-2020-16094
+
 build() {
 ./configure \
 --build=$CBUILD \
@@ -36,4 +40,4 @@ package() {
 make DESTDIR="$pkgdir" install
 }
-sha512sums="07fdf7fce722ee1e50aa155bca720323a58842b372d8295bed33c7245fce5790a1bd3ed7462130664a218a804ab6bd1ba3663ee3e53fbbac6a4a477dd676ede0 claws-mail-3.17.6.tar.xz"
+sha512sums="dc29c968dc81a184af8f66c1afe5c9d17558ce6a4a8b196136a9fb5deec96aa67eec42148ed0f4d6d6ee94aec2791247b9034090dac81beec193bd7d366617d7 claws-mail-3.17.8.tar.xz"
diff --git a/user/confuse/APKBUILD b/user/confuse/APKBUILD
index 4bdfa851f..fc31d73d1 100644
--- a/user/confuse/APKBUILD
+++ b/user/confuse/APKBUILD
@@ -1,10 +1,10 @@
 # Contributor: Mira Ressel <aranea@aixah.de>
 # Maintainer:
 pkgname=confuse
-pkgver=3.2.2
+pkgver=3.3
 pkgrel=0
 pkgdesc="Small configuration file parser library for C"
-url=" "
+url="https://github.com/martinh/libconfuse"
 arch="all"
 license="ISC"
 depends=""
@@ -12,6 +12,10 @@ makedepends=""
 subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
 source="https://github.com/martinh/libconfuse/releases/download/v$pkgver/$pkgname-$pkgver.tar.xz"
+# secfixes:
+# 3.3-r0:
+# - CVE-2018-19760
+
 build() {
 ./configure \
 --build=$CBUILD \
@@ -34,4 +38,4 @@ package() {
 make DESTDIR="$pkgdir" install
 }
-sha512sums="c6baea65e064fe7f2d1bde187c6dcbb7f03c31f5d777cb04576f9cc2d94e9c96b7ee202e030e9a2c7eb619deb240d9e76fb12b3528ae5aa0d3abe231354d12c9 confuse-3.2.2.tar.xz"
+sha512sums="93cc62d98166199315f65a2f6f540a9c0d33592b69a2c6a57fd17f132aecc6ece39b9813b96c9a49ae2b66a99b7eba1188a9ce9e360e1c5fb4b973619e7088a0 confuse-3.3.tar.xz"
diff --git a/user/eigen/APKBUILD b/user/eigen/APKBUILD
index 125cf77fe..aa2a537d2 100644
--- a/user/eigen/APKBUILD
+++ b/user/eigen/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Bradley J Chambers <brad.chambers@gmail.com>
 # Maintainer:
 pkgname=eigen
-pkgver=3.3.7
+pkgver=3.3.8
 pkgrel=0
 pkgdesc="Eigen is a C++ template library for linear algebra"
 url="http://eigen.tuxfamily.org/index.php?title=Main_Page"
@@ -11,12 +11,7 @@ license="MPL-2.0"
 depends=""
 makedepends=""
 subpackages="$pkgname-dev"
-source="$pkgname-$pkgver.tar.gz::http://bitbucket.org/eigen/$pkgname/get/$pkgver.tar.gz"
-
-prepare() {
- mv "$srcdir"/eigen-eigen-* "$builddir" # directory name contains hash
- default_prepare
-}
+source="https://gitlab.com/libeigen/eigen/-/archive/$pkgver/eigen-$pkgver.tar.gz"
 package() {
 mkdir -p "$pkgdir"/usr/include/eigen3
@@ -24,4 +19,4 @@ package() {
 cp -r "$builddir"/unsupported "$pkgdir"/usr/include/eigen3
 }
-sha512sums="34cf600914cce719d61511577ef9cd26fbdcb7a6fad1d0ab8396f98b887fac6a5577d3967e84a8f56225cc50de38f3b91f34f447d14312028383e32b34ea1972 eigen-3.3.7.tar.gz"
+sha512sums="5b4b5985b0294e07b3ed1155720cbbfea322fe9ccad0fc8b0a10060b136a9169a15d5b9cb7a434470cadd45dff0a43049edc20d2e1070005481a120212edc355 eigen-3.3.8.tar.gz"
diff --git a/user/i3status/APKBUILD b/user/i3status/APKBUILD
index 01e567cee..f143b6fc5 100644
--- a/user/i3status/APKBUILD
+++ b/user/i3status/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer:
 pkgname=i3status
 pkgver=2.13
-pkgrel=1
+pkgrel=2
 pkgdesc="Status bar generator for dzen2, xmobar or similar"
 url="https://i3wm.org/i3status/"
 arch="all"
diff --git a/user/libcroco/APKBUILD b/user/libcroco/APKBUILD
index 209720aaa..4470ac952 100644
--- a/user/libcroco/APKBUILD
+++ b/user/libcroco/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer:
 pkgname=libcroco
 pkgver=0.6.13
-pkgrel=0
+pkgrel=1
 pkgdesc="GNOME CSS 2 parsing and manipulation toolkit"
 url="https://gitlab.gnome.org/GNOME/libcroco"
 arch="all"
@@ -11,11 +11,15 @@ subpackages="$pkgname-dev"
 depends=""
 makedepends="glib-dev libxml2-dev"
 checkdepends="cmd:which"
-source="https://download.gnome.org/sources/$pkgname/0.6/$pkgname-$pkgver.tar.xz"
+source="https://download.gnome.org/sources/$pkgname/0.6/$pkgname-$pkgver.tar.xz
+ CVE-2020-12825.patch
+ "
 # secfixes:
 # 0.6.12-r2:
 # - CVE-2017-7960
+# 0.6.13-r1:
+# - CVE-2020-12825
 build() {
 ./configure \
@@ -34,4 +38,5 @@ package() {
 make DESTDIR="$pkgdir" install
 }
-sha512sums="038a3ac9d160a8cf86a8a88c34367e154ef26ede289c93349332b7bc449a5199b51ea3611cebf3a2416ae23b9e45ecf8f9c6b24ea6d16a5519b796d3c7e272d4 libcroco-0.6.13.tar.xz"
+sha512sums="038a3ac9d160a8cf86a8a88c34367e154ef26ede289c93349332b7bc449a5199b51ea3611cebf3a2416ae23b9e45ecf8f9c6b24ea6d16a5519b796d3c7e272d4 libcroco-0.6.13.tar.xz
+ae568a259a2a3a90f6cf107b4f0d5a0dbb6cb3a560262a43b96460457a4b72b7c5f45c2df9c061ed1f94c41b71bdcf69bd55582a77bf858e46c2c3c8a55fe6e3 CVE-2020-12825.patch"
diff --git a/user/libcroco/CVE-2020-12825.patch b/user/libcroco/CVE-2020-12825.patch
new file mode 100644
index 000000000..6fa66f659
--- /dev/null
+++ b/user/libcroco/CVE-2020-12825.patch
@@ -0,0 +1,187 @@
+From 44cbd1e718d6a08e59b9300280c340218a84e089 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@gnome.org>
+Date: Wed, 12 Aug 2020 13:54:15 -0500
+Subject: [PATCH] libcroco: Limit recursion in block and any productions
+ (CVE-2020-12825)
+
+If we don't have any limits, we can recurse forever and overflow the
+stack.
+
+This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8
+
+https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404
+---
+ src/cr-parser.c | 44 ++++++++++++++++++++++++++--------------
+ 1 file changed, 29 insertions(+), 15 deletions(-)
+
+diff --git a/src/cr-parser.c b/src/st/croco/cr-parser.c
+index 07f4ed9e8b..8304b75614 100644
+--- a/src/cr-parser.c
++++ b/src/cr-parser.c
+@@ -136,6 +136,8 @@ struct _CRParserPriv {
+
+ #define CHARS_TAB_SIZE 12
+
++#define RECURSIVE_CALLERS_LIMIT 100
++
+ /**
+ * IS_NUM:
+ *@a_char: the char to test.
+@@ -343,9 +345,11 @@ static enum CRStatus cr_parser_parse_selector_core (CRParser * a_this);
+
+ static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this);
+
+-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this,
++ guint n_calls);
+
+-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this,
++ guint n_calls);
+
+ static enum CRStatus cr_parser_parse_value_core (CRParser * a_this);
+
+@@ -783,7 +787,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_parser_try_to_skip_spaces_and_comments (a_this);
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+ } while (status == CR_OK);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
+@@ -794,7 +798,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+ token);
+ token = NULL;
+- status = cr_parser_parse_block_core (a_this);
++ status = cr_parser_parse_block_core (a_this, 0);
+ CHECK_PARSING_STATUS (status,
+ FALSE);
+ goto done;
+@@ -929,11 +933,11 @@ cr_parser_parse_selector_core (CRParser * a_this)
+
+ RECORD_INITIAL_POS (a_this, &init_pos);
+
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+ CHECK_PARSING_STATUS (status, FALSE);
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+
+ } while (status == CR_OK);
+
+@@ -955,10 +959,12 @@ cr_parser_parse_selector_core (CRParser * a_this)
+ *in chapter 4.1 of the css2 spec.
+ *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*;
+ *@param a_this the current instance of #CRParser.
++ *@param n_calls used to limit recursion depth
+ *FIXME: code this function.
+ */
+ static enum CRStatus
+-cr_parser_parse_block_core (CRParser * a_this)
++cr_parser_parse_block_core (CRParser * a_this,
++ guint n_calls)
+ {
+ CRToken *token = NULL;
+ CRInputPos init_pos;
+@@ -966,6 +972,9 @@ cr_parser_parse_block_core (CRParser * a_this)
+
+ g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR);
+
++ if (n_calls > RECURSIVE_CALLERS_LIMIT)
++ return CR_ERROR;
++
+ RECORD_INITIAL_POS (a_this, &init_pos);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token);
+@@ -995,13 +1004,13 @@ cr_parser_parse_block_core (CRParser * a_this)
+ } else if (token->type == CBO_TK) {
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+ token = NULL;
+- status = cr_parser_parse_block_core (a_this);
++ status = cr_parser_parse_block_core (a_this, n_calls + 1);
+ CHECK_PARSING_STATUS (status, FALSE);
+ goto parse_block_content;
+ } else {
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+ token = NULL;
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ CHECK_PARSING_STATUS (status, FALSE);
+ goto parse_block_content;
+ }
+@@ -1108,7 +1117,7 @@ cr_parser_parse_value_core (CRParser * a_this)
+ status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+ token);
+ token = NULL;
+- status = cr_parser_parse_block_core (a_this);
++ status = cr_parser_parse_block_core (a_this, 0);
+ CHECK_PARSING_STATUS (status, FALSE);
+ ref++;
+ goto continue_parsing;
+@@ -1122,7 +1131,7 @@ cr_parser_parse_value_core (CRParser * a_this)
+ status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+ token);
+ token = NULL;
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+ if (status == CR_OK) {
+ ref++;
+ goto continue_parsing;
+@@ -1161,10 +1170,12 @@ cr_parser_parse_value_core (CRParser * a_this)
+ * | FUNCTION | DASHMATCH | '(' any* ')' | '[' any* ']' ] S*;
+ *
+ *@param a_this the current instance of #CRParser.
++ *@param n_calls used to limit recursion depth
+ *@return CR_OK upon successfull completion, an error code otherwise.
+ */
+ static enum CRStatus
+-cr_parser_parse_any_core (CRParser * a_this)
++cr_parser_parse_any_core (CRParser * a_this,
++ guint n_calls)
+ {
+ CRToken *token1 = NULL,
+ *token2 = NULL;
+@@ -1173,6 +1184,9 @@ cr_parser_parse_any_core (CRParser * a_this)
+
+ g_return_val_if_fail (a_this, CR_BAD_PARAM_ERROR);
+
++ if (n_calls > RECURSIVE_CALLERS_LIMIT)
++ return CR_ERROR;
++
+ RECORD_INITIAL_POS (a_this, &init_pos);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token1);
+@@ -1211,7 +1225,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+ *We consider parameter as being an "any*" production.
+ */
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ } while (status == CR_OK);
+
+ ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
+@@ -1236,7 +1250,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+ }
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ } while (status == CR_OK);
+
+ ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
+@@ -1264,7 +1278,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+ }
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ } while (status == CR_OK);
+
+ ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
+--
+GitLab
+
diff --git a/user/libjpeg-turbo/APKBUILD b/user/libjpeg-turbo/APKBUILD
index cbecdd1a4..5910e7011 100644
--- a/user/libjpeg-turbo/APKBUILD
+++ b/user/libjpeg-turbo/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Carlo Landmeter <clandmeter@gmail.com>
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=libjpeg-turbo
-pkgver=2.0.4
-pkgrel=1
+pkgver=2.0.5
+pkgrel=0
 pkgdesc="Accelerated JPEG compression and decompression library"
 url="https://libjpeg-turbo.org/"
 arch="all"
@@ -11,7 +11,6 @@ depends=""
 makedepends="cmake"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-utils"
 source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz
- CVE-2020-13790.patch
 "
 case "$CTARGET_ARCH" in
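Review bot: The depth guard added to `cr_parser_parse_block_core` and `cr_parser_parse_any_core` returns `CR_ERROR`, but the recursive `do … while (status == CR_OK)` loops in `cr_parser_parse_any_core` are followed by `ENSURE_PARSING_COND (status == CR_PARSING_ERROR)`, whose definition is outside the hunks; it is worth confirming that hitting the limit ends the parse with an error rather than being handled like the ordinary end of an `any*` run. The callers in `cr_parser_parse_atrule_core`, `cr_parser_parse_selector_core` and `cr_parser_parse_value_core` restart the count at `0`, which bounds the stack only if none of them is reached again from inside the block/any recursion — presumably so, but their bodies are not fully visible here. `RECURSIVE_CALLERS_LIMIT` has no comment; I would add `/* Maximum nesting depth of block/any productions; deeper input is rejected to keep stack use bounded (CVE-2020-12825). */` above it. The embedded `diff --git` line still names `b/src/st/croco/cr-parser.c` while the `---`/`+++` lines were rewritten to `src/cr-parser.c`, so a one-line comment in the APKBUILD recording where the patch came from would help later audits.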
@@ -63,5 +62,4 @@ utils() {
 mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
-sha512sums="708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9 libjpeg-turbo-2.0.4.tar.gz
-83752558d0cf60508a9ccd55505b91f4faa22277537916629a045b2aaa0cb3649e2f90b0df26d389687dc4aba78bdf76e64fc5e5eb324a65026ec86cd95dbe6a CVE-2020-13790.patch"
+sha512sums="5bf9ecf069b43783ff24365febf36dda69ccb92d6397efec6069b2b4f359bfd7b87934a6ce4311873220fccc73acabdacef5ce0604b79209eb1912e8ba478555 libjpeg-turbo-2.0.5.tar.gz"
diff --git a/user/libjpeg-turbo/CVE-2020-13790.patch b/user/libjpeg-turbo/CVE-2020-13790.patch
deleted file mode 100644
index aaeec0c9c..000000000
--- a/user/libjpeg-turbo/CVE-2020-13790.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001
-From: DRC <information@libjpeg-turbo.org>
-Date: Tue, 2 Jun 2020 14:15:37 -0500
-Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
-
-This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
-include binary PPM files with maximum values < 255, thus preventing a
-malformed binary PPM input file with those specifications from
-triggering an overrun of the rescale array and potentially crashing
-cjpeg, TJBench, or any program that uses the tjLoadImage() function.
-
-Fixes #433
-
-diff --git a/rdppm.c b/rdppm.c
-index 87bc33090..a8507b902 100644
---- a/rdppm.c
-+++ b/rdppm.c
-@@ -5,7 +5,7 @@
- * Copyright (C) 1991-1997, Thomas G. Lane.
- * Modified 2009 by Bill Allombert, Guido Vollbeding.
- * libjpeg-turbo Modifications:
-- * Copyright (C) 2015-2017, D. R. Commander.
-+ * Copyright (C) 2015-2017, 2020, D. R. Commander.
- * For conditions of distribution and use, see the accompanying README.ijg
- * file.
- *
-@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
- /* On 16-bit-int machines we have to be careful of maxval = 65535 */
- source->rescale = (JSAMPLE *)
- (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
-- (size_t)(((long)maxval + 1L) *
-+ (size_t)(((long)MAX(maxval, 255) + 1L) *
- sizeof(JSAMPLE)));
- half_maxval = maxval / 2;
- for (val = 0; val <= (long)maxval; val++) {
diff --git a/user/libproxy/APKBUILD b/user/libproxy/APKBUILD
index 1cdb0c9b5..7a13ebc05 100644
--- a/user/libproxy/APKBUILD
+++ b/user/libproxy/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer:
 pkgname=libproxy
 pkgver=0.4.15
-pkgrel=2
+pkgrel=3
 pkgdesc="Library providing automatic proxy configuration management"
 url="http://libproxy.github.io/libproxy/"
 arch="all"
@@ -14,8 +14,15 @@ subpackages="$pkgname-dev $pkgname-bin py3-$pkgname:py"
 source="$pkgname-$pkgver.tar.gz::https://github.com/libproxy/libproxy/archive/$pkgver.tar.gz
 libproxy-0.4.7-unistd.patch
 fix-includes.patch
+ CVE-2020-25219.patch
+ CVE-2020-26154.patch
 "
+# secfixes:
+# 0.4.15-r3:
+# - CVE-2020-25219
+# - CVE-2020-26154
+
 build() {
 cmake \
 -DCMAKE_INSTALL_PREFIX=/usr \
@@ -55,4 +62,6 @@ py() {
 sha512sums="8f68bd56e44aeb3f553f4657bef82a5d14302780508dafa32454d6f724b724c884ceed6042f8df53a081d26ea0b05598cf35eab44823257c47c5ef8afb36442b libproxy-0.4.15.tar.gz
 9929c308195bc59c1b9a7ddaaf708fb831da83c5d86d7ce122cb9774c9b9b16aef3c17fb721356e33a865de1af27db493f29a99d292e1e258cd0135218cacd32 libproxy-0.4.7-unistd.patch
-e35b4f806e5f60e9b184d64dceae62e6e343c367ee96d7e461388f2665fe2ab62170d41848c9da5322bb1719eff3bfaecb273e40a97ce940a5e88d29d03bd8d9 fix-includes.patch"
+e35b4f806e5f60e9b184d64dceae62e6e343c367ee96d7e461388f2665fe2ab62170d41848c9da5322bb1719eff3bfaecb273e40a97ce940a5e88d29d03bd8d9 fix-includes.patch
+908fbf49bec18764a8c2ab81ef5d5e6e1fc2423cf9a6608cc7d3a6d5ac44676e171646b0f95b39b7ade108afd62cc2ede8f7b57d6ba0d67025f30b18e5084292 CVE-2020-25219.patch
+01c784a8016bb2a2bf5058b6af7fac29250542bfd4e0679a91fa223c821336d651f8f4a968763072edb86a78a743618c312a2daeb2963c8e5207109f2d26a18f CVE-2020-26154.patch"
diff --git a/user/libproxy/CVE-2020-25219.patch b/user/libproxy/CVE-2020-25219.patch
new file mode 100644
index 000000000..03cfbc00e
--- /dev/null
+++ b/user/libproxy/CVE-2020-25219.patch
@@ -0,0 +1,57 @@
+From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@gnome.org>
+Date: Wed, 9 Sep 2020 11:12:02 -0500
+Subject: [PATCH] Rewrite url::recvline to be nonrecursive
+
+This function processes network input. It's semi-trusted, because the
+PAC ought to be trusted. But we still shouldn't allow it to control how
+far we recurse. A malicious PAC can cause us to overflow the stack by
+sending a sufficiently-long line without any '\n' character.
+
+Also, this function failed to properly handle EINTR, so let's fix that
+too, for good measure.
+
+Fixes #134
+---
+ libproxy/url.cpp | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/libproxy/url.cpp b/libproxy/url.cpp
+index ee776b2..68d69cd 100644
+--- a/libproxy/url.cpp
++++ b/libproxy/url.cpp
+@@ -388,16 +388,24 @@ string url::to_string() const {
+ return m_orig;
+ }
+
+-static inline string recvline(int fd) {
+- // Read a character.
+- // If we don't get a character, return empty string.
+- // If we are at the end of the line, return empty string.
+- char c = '\0';
+-
+- if (recv(fd, &c, 1, 0) != 1 || c == '\n')
+- return "";
+-
+- return string(1, c) + recvline(fd);
++static string recvline(int fd) {
++ string line;
++ int ret;
++
++ // Reserve arbitrary amount of space to avoid small memory reallocations.
++ line.reserve(128);
++
++ do {
++ char c;
++ ret = recv(fd, &c, 1, 0);
++ if (ret == 1) {
++ if (c == '\n')
++ return line;
++ line += c;
++ }
++ } while (ret == 1 || (ret == -1 && errno == EINTR));
++
++ return line;
+ }
+
+ char* url::get_pac() {
diff --git a/user/libproxy/CVE-2020-26154.patch b/user/libproxy/CVE-2020-26154.patch
new file mode 100644
index 000000000..929083327
--- /dev/null
+++ b/user/libproxy/CVE-2020-26154.patch
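Review bot: The rewritten `recvline` removes the recursion but still lets the peer decide how large `line` grows: the `do`/`while` loop appends one byte per `recv` until a `'\n'` arrives or the read fails, so a response that never sends a newline is now limited only by available heap instead of by the stack. A length cap inside the `if (ret == 1)` branch would close that, for example `if (line.size() >= RECVLINE_MAX) return line;` placed before `line += c;`, where `RECVLINE_MAX` is a new constant sized for one HTTP header line. The loop condition also reads `errno`, so `url.cpp` needs `<cerrno>` in scope; the include block is outside the hunk.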
@@ -0,0 +1,93 @@
+From 4411b523545b22022b4be7d0cac25aa170ae1d3e Mon Sep 17 00:00:00 2001
+From: Fei Li <lifeibiren@gmail.com>
+Date: Fri, 17 Jul 2020 02:18:37 +0800
+Subject: [PATCH] Fix buffer overflow when PAC is enabled
+
+The bug was found on Windows 10 (MINGW64) when PAC is enabled. It turned
+out to be the large PAC file (more than 102400 bytes) returned by a
+local proxy program with no content-length present.
+---
+ libproxy/url.cpp | 44 +++++++++++++++++++++++++++++++-------------
+ 1 file changed, 31 insertions(+), 13 deletions(-)
+
+diff --git a/libproxy/url.cpp b/libproxy/url.cpp
+index ee776b2..8684086 100644
+--- a/libproxy/url.cpp
++++ b/libproxy/url.cpp
+@@ -54,7 +54,7 @@ using namespace std;
+ #define PAC_MIME_TYPE_FB "text/plain"
+
+ // This is the maximum pac size (to avoid memory attacks)
+-#define PAC_MAX_SIZE 102400
++#define PAC_MAX_SIZE 0x800000
+ // This is the default block size to use when receiving via HTTP
+ #define PAC_HTTP_BLOCK_SIZE 512
+
+@@ -478,15 +478,13 @@ char* url::get_pac() {
+ }
+
+ // Get content
+- unsigned int recvd = 0;
+- buffer = new char[PAC_MAX_SIZE];
+- memset(buffer, 0, PAC_MAX_SIZE);
++ std::vector<char> dynamic_buffer;
+ do {
+ unsigned int chunk_length;
+
+ if (chunked) {
+ // Discard the empty line if we received a previous chunk
+- if (recvd > 0) recvline(sock);
++ if (!dynamic_buffer.empty()) recvline(sock);
+
+ // Get the chunk-length line as an integer
+ if (sscanf(recvline(sock).c_str(), "%x", &chunk_length) != 1 || chunk_length == 0) break;
+@@ -498,21 +496,41 @@ char* url::get_pac() {
+
+ if (content_length >= PAC_MAX_SIZE) break;
+
+- while (content_length == 0 || recvd != content_length) {
+- int r = recv(sock, buffer + recvd,
+- content_length == 0 ? PAC_HTTP_BLOCK_SIZE
+- : content_length - recvd, 0);
++ while (content_length == 0 || dynamic_buffer.size() != content_length) {
++ // Calculate length to recv
++ unsigned int length_to_read = PAC_HTTP_BLOCK_SIZE;
++ if (content_length > 0)
++ length_to_read = content_length - dynamic_buffer.size();
++
++ // Prepare buffer
++ dynamic_buffer.resize(dynamic_buffer.size() + length_to_read);
++
++ int r = recv(sock, dynamic_buffer.data() + dynamic_buffer.size() - length_to_read, length_to_read, 0);
++
++ // Shrink buffer to fit
++ if (r >= 0)
++ dynamic_buffer.resize(dynamic_buffer.size() - length_to_read + r);
++
++ // PAC size too large, discard
++ if (dynamic_buffer.size() >= PAC_MAX_SIZE) {
++ chunked = false;
++ dynamic_buffer.clear();
++ break;
++ }
++
+ if (r <= 0) {
+ chunked = false;
+ break;
+ }
+- recvd += r;
+ }
+ } while (chunked);
+
+- if (content_length != 0 && string(buffer).size() != content_length) {
+- delete[] buffer;
+- buffer = NULL;
++ if (content_length == 0 || content_length == dynamic_buffer.size()) {
++ buffer = new char[dynamic_buffer.size() + 1];
++ if (!dynamic_buffer.empty()) {
++ memcpy(buffer, dynamic_buffer.data(), dynamic_buffer.size());
++ }
++ buffer[dynamic_buffer.size()] = '\0';
+ }
+ }
+
diff --git a/user/meson/APKBUILD b/user/meson/APKBUILD
index d975e1460..5164bae64 100644
--- a/user/meson/APKBUILD
+++ b/user/meson/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
 # Maintainer:
 pkgname=meson
-pkgver=0.52.1
+pkgver=0.55.3
 pkgrel=0
 pkgdesc="Fast, user-friendly build system"
 url="https://mesonbuild.com/"
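Review bot: In the receive loop of `url::get_pac`, a failed `recv` leaves behind the bytes that `dynamic_buffer.resize(dynamic_buffer.size() + length_to_read)` has just appended, because the shrink is guarded by `if (r >= 0)`. When `content_length` is non-zero, `length_to_read` is exactly the remainder, so after an error `dynamic_buffer.size()` equals `content_length` and the closing `content_length == dynamic_buffer.size()` test accepts a truncated body as complete. Shrinking on every path avoids that: `dynamic_buffer.resize(dynamic_buffer.size() - length_to_read + (r > 0 ? r : 0));`. Separately, the comment above `PAC_MAX_SIZE` still says the limit exists to avoid memory attacks while the value goes from 102400 to 0x800000, so a short note on why that size was chosen would help. `get_pac` begins and ends outside these hunks.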
@@ -24,4 +24,4 @@ package() {
 python3 setup.py install --prefix=/usr --root="$pkgdir"
 }
-sha512sums="81e8c5897ba5311ccffc401fd514bd9a67d16caaea1f28a5c5432605766341ecd82b70c05661fbbe0c9a6006ff5ea892950bbaa548e70c3f87350438775ea6fd meson-0.52.1.tar.gz"
+sha512sums="afb0bb25b367e681131d920995124df4b06f6d144ae1a95ebec27be13e06fefbd95840e0287cd1d84bdbb8d9c115b589a833d847c60926f55e0f15749cf66bae meson-0.55.3.tar.gz"
diff --git a/user/yubikey-personalization/APKBUILD b/user/yubikey-personalization/APKBUILD
index 1db97be94..3ff2ce728 100644
--- a/user/yubikey-personalization/APKBUILD
+++ b/user/yubikey-personalization/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Kiyoshi Aman <adelie@aerdan.vulpine.house>
 pkgname=yubikey-personalization
 pkgver=1.20.0
-pkgrel=0
+pkgrel=1
 pkgdesc="Cross-platform library & tools for personalizing YubiKey devices"
 url="https://developers.yubico.com/yubikey-personalization/"
 arch="all"
@@ -13,6 +13,7 @@ makedepends="yubico-c-dev libusb-dev json-c-dev asciidoctor
 subpackages="$pkgname-dev $pkgname-doc"
 source="yubikey-personalization-$pkgver.tar.gz::https://github.com/Yubico/yubikey-personalization/archive/v$pkgver.tar.gz
 use-asciidoctor.patch
+ json_c.patch
 "
 prepare() {
@@ -40,4 +41,5 @@ package() {
 }
 sha512sums="a38b26700793f0a801e5f5889bbbce4a3f728d22aaecf8d0890f1b5135e67bed16a78b7a36dbc323c5d296901f6dd420fa658a982492a0cd9f0bbf95a5fbc823 yubikey-personalization-1.20.0.tar.gz
-d6777a43e5e57430268bb50ab704641465a7314b15fc821d8bfa7f0c6510829d0118ced426cd5f8730589efe6264df6b82fc70e8bfe3d8b7d735e51339a25af2 use-asciidoctor.patch"
+d6777a43e5e57430268bb50ab704641465a7314b15fc821d8bfa7f0c6510829d0118ced426cd5f8730589efe6264df6b82fc70e8bfe3d8b7d735e51339a25af2 use-asciidoctor.patch
+a8bc7ae71d0a05476688abfaea070ca7dc2eaa68e033524d4a1b2b6240eec2932d867e9eeaa248874a04f254618cd79bf9ebaa17421938b0c2e62502bf90c055 json_c.patch"
diff --git a/user/yubikey-personalization/json_c.patch b/user/yubikey-personalization/json_c.patch
new file mode 100644
index 000000000..ca5a918d2
--- /dev/null
+++ b/user/yubikey-personalization/json_c.patch
@@ -0,0 +1,83 @@
+From 0aa2e2cae2e1777863993a10c809bb50f4cde7f8 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail@eworm.de>
+Date: Sat, 25 Apr 2020 20:55:28 +0200
+Subject: [PATCH] fix boolean value with json-c 0.14
+
+Upstream removed the TRUE and FALSE defines in commit
+0992aac61f8b087efd7094e9ac2b84fa9c040fcd.
+---
+ ykpers-json.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/ykpers-json.c b/ykpers-json.c
+index a62e907..15ad380 100644
+--- a/ykpers-json.c
++++ b/ykpers-json.c
+@@ -40,7 +40,7 @@
+ #define yk_json_object_object_get(obj, key, value) json_object_object_get_ex(obj, key, &value)
+ #else
+ typedef int json_bool;
+-#define yk_json_object_object_get(obj, key, value) (value = json_object_object_get(obj, key)) == NULL ? (json_bool)FALSE : (json_bool)TRUE
++#define yk_json_object_object_get(obj, key, value) (value = json_object_object_get(obj, key)) == NULL ? 0 : 1
+ #endif
+
+ static void set_json_value(struct map_st *p, int mode, json_object *options, YKP_CONFIG *cfg) {
+@@ -50,7 +50,7 @@ static void set_json_value(struct map_st *p, int mode, json_object *options, YKP
+ if(p->mode && (mode & p->mode) == mode) {
+ json_object *joption;
+ json_bool ret = yk_json_object_object_get(options, p->json_text, joption);
+- if(ret == TRUE && json_object_get_type(joption) == json_type_boolean) {
++ if(ret == 1 && json_object_get_type(joption) == json_type_boolean) {
+ int value = json_object_get_boolean(joption);
+ if(value == 1) {
+ p->setter(cfg, true);
+@@ -230,20 +230,20 @@ int _ykp_json_import_cfg(YKP_CONFIG *cfg, const char *json, size_t len) {
+ ykp_errno = YKP_EINVAL;
+ goto out;
+ }
+- if(yk_json_object_object_get(jobj, "yubiProdConfig", yprod_json) == FALSE) {
++ if(yk_json_object_object_get(jobj, "yubiProdConfig", yprod_json) == 0) {
+ ykp_errno = YKP_EINVAL;
+ goto out;
+ }
+- if(yk_json_object_object_get(yprod_json, "mode", jmode) == FALSE) {
++ if(yk_json_object_object_get(yprod_json, "mode", jmode) == 0) {
+ ykp_errno = YKP_EINVAL;
+ goto out;
+ }
+- if(yk_json_object_object_get(yprod_json, "options", options) == FALSE) {
++ if(yk_json_object_object_get(yprod_json, "options", options) == 0) {
+ ykp_errno = YKP_EINVAL;
+ goto out;
+ }
+
+- if(yk_json_object_object_get(yprod_json, "targetConfig", jtarget) == TRUE) {
++ if(yk_json_object_object_get(yprod_json, "targetConfig", jtarget) == 1) {
+ int target_config = json_object_get_int(jtarget);
+ int command;
+ if(target_config == 1) {
+@@ -275,13 +275,13 @@ int _ykp_json_import_cfg(YKP_CONFIG *cfg, const char *json, size_t len) {
+ if(mode == MODE_OATH_HOTP) {
+ json_object *jdigits, *jrandom;
+ ykp_set_tktflag_OATH_HOTP(cfg, true);
+- if(yk_json_object_object_get(options, "oathDigits", jdigits) == TRUE) {
++ if(yk_json_object_object_get(options, "oathDigits", jdigits) == 1) {
+ int digits = json_object_get_int(jdigits);
+ if(digits == 8) {
+ ykp_set_cfgflag_OATH_HOTP8(cfg, true);
+ }
+ }
+- if(yk_json_object_object_get(options, "randomSeed", jrandom) == TRUE) {
++ if(yk_json_object_object_get(options, "randomSeed", jrandom) == 1) {
+ int random = json_object_get_boolean(jrandom);
+ int seed = 0;
+ if(random == 1) {
+@@ -290,7 +290,7 @@ int _ykp_json_import_cfg(YKP_CONFIG *cfg, const char *json, size_t len) {
+ goto out;
+ } else {
+ json_object *jseed;
+- if(yk_json_object_object_get(options, "fixedSeedvalue", jseed) == TRUE) {
++ if(yk_json_object_object_get(options, "fixedSeedvalue", jseed) == 1) {
+ seed = json_object_get_int(jseed);
+ }
+ }
|
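Review bot: The fallback definition of `yk_json_object_object_get` in the `#else` branch expands to an unparenthesised conditional, so each call site written as `yk_json_object_object_get(...) == 0` parses as `... == NULL ? 0 : (1 == 0)` and can never report a missing key, while the `== 1` sites only give the right answer by coincidence. The old `(json_bool)FALSE : (json_bool)TRUE` form had the same precedence problem, but since this patch rewrites the line it is the natural place to fix it: `#define yk_json_object_object_get(obj, key, value) (((value) = json_object_object_get((obj), (key))) != NULL)`. That branch is compiled only when the `#if` above it, which is outside the hunk, selects the older API, so builds against json-c 0.14 presumably take the `json_object_object_get_ex` path instead. On that path, testing truthiness (`if(!yk_json_object_object_get(...))`) would be sturdier than comparing a `json_bool` with the literals `0` and `1`.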